Reading This Column Will Cost You 0.4 Micromort - InformationWeek
Data Management // Big Data Analytics
11:42 AM
Imre Kabai
Imre Kabai

Reading This Column Will Cost You 0.4 Micromort

It pays to assess risk properly in making IT and other big decisions. Here's what not to do.

same as caption
"The dangers of life are infinite, and among them is safety" -- Goethe
We all tend to misjudge risks.

Which animal is the most dangerous: the hippo, shark, bear, lion or tiger? Most people wouldn't guess that those friendly looking hippos cause more human deaths than those other animals combined. But even hippos are safe compared to texting while driving, with its 6,000 annual casualties.

The subject of risk and risk perception is elegantly outlined in The Science of Fear by Daniel Gardner.

Unlikely events are unintuitive. Various biases influence people to make wrong gut decisions. Nobel Prize winner Daniel Kahneman gives a great introduction to these biases in Thinking, Fast And Slow. Here are some that play a role in risk evaluation:

-- Confirmation Bias: I see what I already believe.

-- Anchoring and Adjustment Heuristic: I am influenced by the first piece of information I receive.

-- Ambiguity Effect: I avoid options with unknown probabilities.

-- Bandwagon Effect: I tend to do what others do.

-- Availability Heuristic: The story I remember is more powerful than data.

As a society we pay little attention to truly risky events such as asteroid hits and the overuse of antibiotics. At the same time we are overly sensitive to such relatively small risks as the dangers of using nuclear energy.

[ BYOD brings risk into the IT environment. Read 5 Ways To Stay Ahead Of Consumerization Of IT. ]

A light-hearted approach to personal risk is the use of micromorts. A micromort is a micro-probability, a one in a million chance of dying. A lifetime probability of dying is one mort, so one day costs about 39 micromorts for the average person. Smoking 1.4 cigarettes costs a micromort, same as living within 20 miles of a nuclear power plant for 15 years. Micromorts are a good way to compare relative risks.

Global CIO
Global CIOs: A Site Just For You
Visit InformationWeek's Global CIO -- our online community and information resource for CIOs operating in the global economy.
So how does this analysis apply to IT? Here's an example:

I was tasked to drive the technical infrastructure design of a complex manufacturing system. We had to make decisions about the failover capabilities. We used some of the usual tools (component failure impact analysis, fault trees) to hit the sweet spot: acceptable availability with a reasonable price tag. The business owners didn't like the design; they wanted to spend more money and increase the availability. When we pointed out that, based on historical data, 90% of the outages were due to human errors, the light bulbs came on: We could have spent an extra million dollars to move the technical environments to five 9s, but it would have an impact on only 10% of the unscheduled downtime. Exposing the relative risk helped us to make the right investment decision.

Following are a dozen risk-related IT anti-patterns and worst practices.

1. Whose signature is it anyway? Often the inappropriate person takes the risk. IT is seldom the owner of the business process or steward of the information. IT can help express the likelihood of an event, offer solutions and calculate costs. Signing off on a particular solution and associated risks should be the responsibility of the business owner.

2. Complexity. Growing IT complexity increases the probability of losing data integrity, confidentiality and/or availability. Gaining control over the complexity inspired the first enterprise architecture frameworks in the 1980s. Despite many similar efforts, success stories of addressing IT complexity are rare.

3. Intangible risks. Some impacts are difficult to measure. Therefore, calculation of such risks is up to subjective interpretation and politics.

4. Human error. Studies agree that the most common cause of system downtime is human error. Focusing on the technical aspects won't address this problem. The best way to approach this risk question is to look at the whole people/process/technology stack.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Strategist
2/14/2013 | 7:10:37 PM
re: Reading This Column Will Cost You 0.4 Micromort
You've spoken at length about the assumptions we make and the weaknesses in our own cognitive processes that lead to bad business decisions. But what's the take away here? In your example about enterprise software, you were able to achieve a business consensus by using metrics to substantiate a case. But often, despite our best efforts toward objective analysis, the real issue is goal alignment with regards to business stakeholders. Even by doing our best to make an objective, timely, and well informed analysis free of blindspots, consensus is not always so easy to achieve. The cognexus institute has a great paper on this:

Nonetheless, your column serves to highlight the difficult challenges and endemic dangers of the modern IT landscape.

Excellent read.

Jasmine McTigue
IW Contributor
Andrew Hornback
Andrew Hornback,
User Rank: Apprentice
1/8/2013 | 12:55:24 AM
re: Reading This Column Will Cost You 0.4 Micromort
Try having your only documentation in source code... in a foreign language. I still have the occasional nightmare about that. Sprichst du Deutsch? Keine... en Kode.
User Rank: Ninja
1/7/2013 | 11:57:38 PM
re: Reading This Column Will Cost You 0.4 Micromort
I agree, but this is contrary to common Agile belief where absolutely nothing gets documented because the Agile gurus insist that source code is enough documentation. Good luck wading through 100,000 lines of code when people yell at you when the system comes back up!
Andrew Hornback
Andrew Hornback,
User Rank: Apprentice
1/7/2013 | 3:33:48 AM
re: Reading This Column Will Cost You 0.4 Micromort
There's one Worst Practice that I would add... Biological-based Documentation. If all of the information used to build an infrastructure or maintain and operate it is locked up in the brain cells of a limited number of team members (some of whom have departed the organization), a low-impact issue with one system could cause systemic failures in the infrastructure. If it isn't documented when it's done - it's lost.

Andrew Hornback
InformationWeek Contributor
Register for InformationWeek Newsletters
White Papers
Current Issue
Cybersecurity Strategies for the Digital Era
At its core, digital business relies on strong security practices. In addition, leveraging security intelligence and integrating security with operations and developer teams can help organizations push the boundaries of innovation.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll